build(deps): bump the server-dependencies group in /server with 36 updates

[dependabot]

Bumps the server-dependencies group in /server with 36 updates:

Package	From	To
@influxdata/influxdb-client	1.25.0	1.35.0
@questdb/nodejs-client	3.0.0	4.2.0
@tdengine/rest	3.0.2	3.0.3
ads-client	2.1.0	2.2.0
app-root-path	2.2.1	3.1.0
async	3.2.3	3.2.6
axios	1.13.5	1.13.6
bcryptjs	2.4.3	3.0.3
body-parser	1.20.3	2.2.2
csv-parser	3.0.0	3.2.0
dayjs	1.11.9	1.11.20
express	4.21.2	5.2.1
@types/express	5.0.0	5.0.6
express-rate-limit	5.5.1	8.3.1
fs-extra	7.0.1	11.3.4
influx	5.9.3	5.12.0
jsonwebtoken	9.0.0	9.0.3
live-plugin-manager	0.15.1	1.1.0
modbus-serial	8.0.19	8.0.23
morgan	1.10.0	1.10.1
mqtt	4.3.7	5.15.0
node-opcua	2.149.0	2.164.2
node-red	4.1.1	4.1.7
nodemailer	7.0.13	8.0.2
nopt	5.0.0	9.0.0
pdfmake	0.2.5	0.3.6
pg	8.18.0	8.20.0
socket.io	4.8.1	4.8.3
sqlite3	5.1.5	6.0.1
winston	3.7.2	3.19.0
ws	8.18.0	8.19.0
@mapbox/node-pre-gyp	1.0.11	2.0.3
chai	5.1.2	6.2.2
mocha	10.8.2	11.7.5
sinon	19.0.2	21.0.2
typescript	5.6.3	5.9.3

Updates @influxdata/influxdb-client from 1.25.0 to 1.35.0

Release notes

Sourced from @​influxdata/influxdb-client's releases.

1.35.0

Bug Fixes

1. #1044: Allow 201 status code in a write response.

1.34.0

Breaking Changes

⚠️ Drop supports for node v14, v15 and v16 in CI.

Features:

1. #1005: Token stored as a private class property.
2. #1019: Propagates headers from HTTP response when an error is returned from the server.

CI

1. #893: Add node v20 to CI.
2. #953: Add node v21 to CI.

v1.33.2

1.33.2 [2023-02-23]

Bug Fixes

1. Various updates to dependencies

v1.33.1

1.33.1 [2023-01-26]

Bug Fixes

1. Various updates to dependencies

v1.33.0

1.33.0 [2022-12-02]

Bug Fixes

1. Various updates to dependencies

1.32.0

Features

1. #592: Allow to receive query results using for-await loop.

Breaking Changes

1. #592: The client packages newly require ES2018 runtime (was ES2015). The javascript code now needs async generators and for-await loop. At least the latest node 14 is required because of mature support for iterable http response. Deno and all current modern browsers support ES2018 for years back. This change shoudn't cause any harm in existing installations. In case of troubles, configure your project with babel ES2018 preset to produce ES2015 code.

... (truncated)

Changelog

Sourced from @​influxdata/influxdb-client's changelog.

1.35.0 [2024-08-15]

Bug Fixes

1. #1044: Allow 201 status code in a write response.

1.34.0 [2024-07-26]

Breaking Changes

⚠️ Drop supports for node v14, v15 and v16 in CI.

Features:

1. #1005: Token stored as a private class property.
2. #1019: Propagates headers from HTTP response when an error is returned from the server.
3. #1020: Adds example of working with HttpError response.

CI

1. #893: Add node v20 to CI.
2. #953: Add node v21 to CI.

1.33.2 [2023-02-23]

Bug Fixes

1. Various updates to dependencies

1.33.1 [2023-01-26]

Bug Fixes

1. Various updates to dependencies

1.33.0 [2022-12-02]

Bug Fixes

1. Various updates to dependencies

1.32.0 [2022-11-01]

Features

1. #592: Allow to receive query results using for-await loop.

Other

1. #624: Upgrade to the latest node v18 LTS.

... (truncated)

Commits

• fe5bc8e chore(release): publish v1.35.0 [skip CI]
• 187e987 chore(release): prepare to release influxdb-client-js-1.35.0
• fff3615 fix: handle 201 response from write endpoint (#1044)
• b11ebbf chore(deps-dev): bump @​typescript-eslint/parser from 7.14.1 to 8.0.0 (#1025)
• e535fb0 chore(deps-dev): bump prettier from 3.3.2 to 3.3.3 (#1028)
• d35725e chore(deps-dev): bump esbuild from 0.22.0 to 0.23.0 (#1024)
• 7cb8e43 Merge pull request #1020 from influxdata/docs/headersExample
• 3d1ff62 docs: adds httpErrorHandled example and integration test for HttpError
• 147f6ee chore(release): publish v1.34.0 [skip CI]
• 4db6db9 chore(release): prepare to release influxdb-client-js-1.34.0
• Additional commits viewable in compare view

Updates @questdb/nodejs-client from 3.0.0 to 4.2.0

Release notes

Sourced from @​questdb/nodejs-client's releases.

Support for the DECIMAL type

Release Overview

This release adds full support for the DECIMAL data type, aligning the client library with the QuestDB 9.2.0 server update.

DECIMAL Support

With QuestDB 9.2.0 introducing the new DECIMAL data type, this release extends the client API to enable seamless ingestion and handling of decimal values.
The updated API supports DECIMAL values provided as string, number, BigInt or Int8Array with a scale, and supports ingestion in both text and binary forms.

For detailed usage examples, refer to the updated API documentation.

Compatibility

This version remains fully backwards compatible.
However, the new DECIMAL functionality requires a server that supports protocol v3 — available in QuestDB 9.2.0 or later.

Nanosecond precision

Release Overview

This release introduces nanosecond precision support for timestamps, aligning the client library with the recent QuestDB 9.1.0 server update.

Nanosecond Precision Support

Previously, while the API allowed timestamps to be specified in nanoseconds, they were stored on the server with only microsecond precision.
QuestDB 9.1.0 added nanosecond accuracy through the new TIMESTAMP_NS data type, and this library update brings full client-side support for it.

Starting with this release:

• When using protocol version v2 or higher, and timestamps are provided in nanoseconds, they are now recorded on the server with full nanosecond precision, provided the column type is TIMESTAMP_NS.
• If the column does not yet exist and the client sends nanosecond timestamps, the server will automatically create the column as TIMESTAMP_NS.
• This behavior also applies to the designated timestamp column.

For compatibility:

• Protocol version v1 remains unchanged and continues to store timestamps with microsecond precision, ensuring full backward compatibility.

Export SenderOptions class

A maintenance release to fix exports in the library. SenderOptions was exported only as a type, its methods were not available for use. Many thanks to @​nicochatzi for providing the fix!

This release also exports the createBuffer() and createSender() factory functions, so now we can do this:

    const options: SenderOptions = await SenderOptions.fromConfig('http::addr=localhost:9000');
    const buffer: SenderBuffer = createBuffer(options);
    const transport: SenderTransport = createTransport(options);
buffer.table("test").symbol("sym", "sym1").floatColumn("fp64", 1.123).atNow();
await transport.send(buffer.toBufferNew());

</tr></table>

... (truncated)

Commits

• de46ee3 v4.2.0
• 91e9f0b feat: support for DECIMAL type (#56)
• 58507a4 v4.1.0
• c717f8e chore(nodejs): fix integration tests (#57)
• cd979d4 v4.1
• 42f52a9 feat(nodejs): nanos precision for timestamps (#55)
• 75da0cd small doc fix
• 89faf4f v4.0.2
• 4949f18 chore(nodejs): expose SenderOptions class (#53)
• 1073a06 doc update
• Additional commits viewable in compare view

Updates @tdengine/rest from 3.0.2 to 3.0.3

Release notes

Sourced from @​tdengine/rest's releases.

3.0.3.0

New Features:

• You can now create windowed queries that are triggered by events - just specify any conditions that TDengine supports, including operations on different columns.
• Indexing on any tag: You can now create an index on any tag, enabling improved query performance when filtering by tag.
• (Enterprise Edition only) Data compaction: TDengine Enterprise Edition now provides the COMPACT statement to reorganize your database and remove gaps from deleted or updated records. This can greatly improve storage and query performance on deployments that have been running for some time.
• (Enterprise Edition only) TDengine Explorer: TDengine Enterprise Edition now offers a convenient GUI to make ad hoc time-series operations and instance management even easier.
• (Enterprise Edition only) Local backup and migration: The latest version of taosX included with TDengine Enterprise Edition 3.0.3.0 can back up and restore a TDengine deployment from a local file. taosX can also migrate data from existing TDengine 2.6 or 3.x deployments to TDengine 3.0.3.0, either incrementally or in full.

Enhancements:

• Results of stream processing can be stored in existing stables
• You can specify tags when storing the results of stream processing
• Data can be subscribed over websocket using Java Connector
• Data can be subscribed over websocket using Python Connector
• You can monitor HTTP status code on Grafana Dashboard
• Grafana plugin supports multi-dimensional alerts
• taosBenchmark can write data into sepcified range of child tables
• taosBenchmark can specify the number of vgroups on command line

What's Changed

• enh: replace row format by @​xiao-yu-wang in taosdata/TDengine#18498
• enh: replace row format by @​xiao-yu-wang in taosdata/TDengine#18506
• enh: insert row format by @​xiao-yu-wang in taosdata/TDengine#18531
• enh: insert row format by @​xiao-yu-wang in taosdata/TDengine#18547
• enh: add table blokc order check by @​xiao-yu-wang in taosdata/TDengine#18559
• merge 3.0 by @​xiao-yu-wang in taosdata/TDengine#18560
• fix:merge from submit_req by @​wangmm0220 in taosdata/TDengine#18650
• fix:submit req by @​wangmm0220 in taosdata/TDengine#18660
• fix: add logic for schemaless by @​wangmm0220 in taosdata/TDengine#18665
• fix:rm useless code by @​wangmm0220 in taosdata/TDengine#18669
• refact: tsma/rsma process and result adaption by @​kailixu in taosdata/TDengine#18666
• fix: insert float error by @​xiao-yu-wang in taosdata/TDengine#18673
• fix:merge submit req by @​wangmm0220 in taosdata/TDengine#18718
• fix: memory leak by @​xiao-yu-wang in taosdata/TDengine#18748
• fix: insert varchar error by @​xiao-yu-wang in taosdata/TDengine#18753
• fix: merge conflict by @​xiao-yu-wang in taosdata/TDengine#18781
• fix: insert row format error by @​xiao-yu-wang in taosdata/TDengine#18795
• opti:performance of schemaless by @​wangmm0220 in taosdata/TDengine#18833
• fix:merge from submit_req by @​wangmm0220 in taosdata/TDengine#18839
• docs: add 3.0.3 & 2.0.42 version desc by @​huolibo in taosdata/TDengine#18856
• docs: update taosadapter document for schemaless ttl by @​sunpe in taosdata/TDengine#18726
• docs:release 3.0.2.0 by @​xleili in taosdata/TDengine#18866
• merge from main to 3.0 by @​guanshengliang in taosdata/TDengine#18863
• doc: correct configuration parameters by @​gccgdb1234 in taosdata/TDengine#18883
• doc: reorganize 3.0 configuration parameters by @​gccgdb1234 in taosdata/TDengine#18884
• merge from main to 3.0 by @​guanshengliang in taosdata/TDengine#18885
• doc: remove minSlidingTime and minIntervalTime by @​gccgdb1234 in taosdata/TDengine#18888
• doc: add compressMsgSize back by @​gccgdb1234 in taosdata/TDengine#18896
• fix: taosbenchmark rest insert mode in json by @​sangshuduo in taosdata/TDengine#18892
• opti:split clientSml.c to 3 files & modify unit test cases for sml by @​wangmm0220 in taosdata/TDengine#18912
• fix:error in CI by @​wangmm0220 in taosdata/TDengine#18913

... (truncated)

Commits

• 4c69835 Merge pull request #20327 from taosdata/fix/xftan/TS-2827/main
• c4d2718 Merge pull request #20332 from taosdata/fix/main_bugfix_wxy
• 5d80e71 fix: check the compatibility of client version and server version
• 098dddc Merge pull request #20328 from taosdata/fix/TD-22972
• ac1b924 Merge pull request #20330 from taosdata/fix/msg_check
• 3db2c59 fix: check the compatibility of client version and server version
• e034d7a Merge pull request #20321 from taosdata/fix/TD-22247-M
• 38c9501 docs: this line is inaccurate, in current connector-python repo, it require p...
• 1439bdc Merge pull request #20306 from taosdata/feat/add-reboot-time
• 0568838 little fix
• Additional commits viewable in compare view

Updates ads-client from 2.1.0 to 2.2.0

Release notes

Sourced from ads-client's releases.

v.2.2.0

[2.2.0] - 27.12.2025

Added

• Added caching of built data types to improve performance
  • See [pull request #178](jisotalo/ads-client#178)

Changed

• Bug fix: Unhandled Promise rejections during automatic reconnecting
  • See [pull request #177](jisotalo/ads-client#177)
• Fixed a Typescript warning at socket.on("data", (data) => {...}) as the data chunk could be a string as well
• Dependencies updated
• Documentation updated

Thank you Christian Rishøj for contribution!

All tests passing.

Changelog

Sourced from ads-client's changelog.

[2.2.0] - 27.12.2025

Added

• Added caching of built data types to improve performance
  • See [pull request #178](jisotalo/ads-client#178)

Changed

• Bug fix: Unhandled Promise rejections during automatic reconnecting
  • See [pull request #177](jisotalo/ads-client#177)
• Fixed a Typescript warning at socket.on("data", (data) => {...}) as the data chunk could be a string as well
• Dependencies updated
• Documentation updated

Thank you Christian Rishøj for contribution!

All tests passing.

Commits

• 424d34b [2.2.0] - 27.12.2025
• e586511 ## [2.2.0] - 27.12.2025
• bc9275b Merge pull request #178 from crishoj/cache-built-data-types
• 0f0e29c Merge pull request #176 from jisotalo/dependabot/npm_and_yarn/mdast-util-to-h...
• a8ad51e Merge pull request #175 from jisotalo/dependabot/npm_and_yarn/js-yaml-3.14.2
• bf86002 Merge pull request #177 from crishoj/fix-catch-without-argument
• c2f1fdd perf: cache fully built data types in buildDataType()
• 7dcb551 fix: catch without argument does not suppress
• 8b5c9f2 Bump mdast-util-to-hast from 13.2.0 to 13.2.1
• fb31579 Bump js-yaml from 3.14.1 to 3.14.2
• See full diff in compare view

Updates app-root-path from 2.2.1 to 3.1.0

Release notes

Sourced from app-root-path's releases.

3.1.0

Added

• Add TypeScript types by @​douira in inxilpro/node-app-root-path#50

Fixed

• Add fallback for when imported as ESM (in which case require.main is unavailable) by @​Pouja in inxilpro/node-app-root-path#53

New Contributors

• @​Pouja made their first contribution in inxilpro/node-app-root-path#53
• @​douira made their first contribution in inxilpro/node-app-root-path#50

Full Changelog: inxilpro/node-app-root-path@v2.1.0...3.1.0

3.0.0

Improved Plug'n'Play and Webpack support.

Commits

• 506c98d Merge pull request #50 from douira/patch-1
• e868e55 Merge pull request #53 from Pouja/bugfix/require-main-is-undefined
• 30b32b5 fix: Added check if require.main is set
• 5296e8d use return type of node require
• fc2949b Create index.d.ts
• 54d06fe Merge branch 'master' of https://github.com/inxilpro/node-app-root-path
• bdd59ea ci: updated semantic-release & other CI/build dependencies
• 7aab416 chore: tweaked gitignore file
• 26cd05e Update README.md
• 9e8c297 Merge pull request #35 from rkgrep/patch-1
• Additional commits viewable in compare view

Updates async from 3.2.3 to 3.2.6

Changelog

Sourced from async's changelog.

v3.2.5

• Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

• Fix a bug in priorityQueue where it didn't wait for the result. (#1725)
• Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

Commits

• 85fb18f Version 3.2.6
• 8c0c941 Update built files
• 5f756b4 Fix ReDoS (#1980)
• 39cdc9b build(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)
• 7b8ddeb build(deps-dev): bump @​babel/core from 7.24.7 to 7.25.2 (#1981)
• 4634a9d build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)
• afb176c build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)
• 3568a74 build(deps-dev): bump @​babel/eslint-parser from 7.24.7 to 7.25.1 (#1984)
• 9e885fd build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)
• f9c7f2a build(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)
• Additional commits viewable in compare view

Updates axios from 1.13.5 to 1.13.6

Release notes

Sourced from axios's releases.

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

• React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#5764)
• Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

• Environment Compatibility:

  • Fixed module exports for React Native and Browserify environments. (#7386)
  • Added safe FormData detection for the WeChat Mini Program environment. (#7324)

• Error Handling:

  • AxiosError.message is now correctly enumerable. (#7392)
  • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#7403)

🔧 Maintenance & Chores

• Dependencies: Updated the development_dependencies group (5 updates). (#7432)
• Infrastructure: Migrated @​rollup/plugin-babel from v5.3.1 to v6.1.0. (#7424)
• Documentation: Added missing JSDoc comments to utilities. (#7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

• @​Gudahtt (#7386)
• @​ybbus (#7392)
• @​Shiwaangee (#7324)
• @​skrtheboss (#7403)
• @​Janaka66 (#7427)
• @​moh3n9595 (#5764)
• @​digital-wizard48 (#7424)

Full Changelog: v1.13.5...v1.13.6

Commits

• 7108c88 chore(release): prepare release 1.13.6 (#7446)
• 20a0ba3 refactor(deps): migrate @​rollup/plugin-babel from v5.3.1 to v6.1.0 (#7424)
• 885b4af feat: support react native blob objects (#5764)
• 00d97b9 docs(utils): add missing JSDoc comments (#7427)
• 9712548 chore(deps-dev): bump the development_dependencies group across 1 directory w...
• d51accb fix(core): copy status from source error in AxiosError.from (#7403)
• 3e30bbf chore: fix publish to only run on v1 tags
• 672491d fix: safe FormData detection for WeChat Mini Program (#7306) (#7324)
• 822e3e4 fix: make AxiosError.message property enumerable (#7392)
• ef3711d feat: implement prettier and fix all issues (#7385)
• Additional commits viewable in compare view

Updates bcryptjs from 2.4.3 to 3.0.3

Release notes

Sourced from bcryptjs's releases.

v3.0.3

Bug fixes

• Always yield to event loop before nextTick for async versions (#164) (1211e9a2213e0b3ee232a204b3ce899beebce31a)

v3.0.2

Bug fixes

• Use upstream fix to emit interop helpers (28e510389374f5736c447395443d4a6687325048)

v3.0.1

Bug fixes

• Separate ESM and UMD type definitions (e7055caf0c723cbcf8bc3f0784b8c30ee332380f)

v3.0.0

Breaking changes

• Modernize project structure (2f45985738604c743c4b8cc8464e3e7d3e04c73d) The project now exports an ECMAScript module by default, albeit with an UMD fallback, ships with types, the dist/ directory no longer exists in version control, and Closure Compiler externs have been removed.
• Generate 2b hashes by default (d36bfb42fa642b6d6986a84ce106a7110e5824db) This library was not affected by the bug that led to incrementing the bcrypt version from 2a to 2b, but nowadays most implementations use 2b, including the native bcrypt binding, so this change aligns with them. Existing hashes will continue to work, but test logic that generates hashes and compares them literally might need to be updated to account for the new default.

Features

• Add helper to check for password input length (d5656b39e2e368c87724a312e4e454456a4e5d1b)

Other

• Update publish workflow (2a9bea9e276e6be04dbd403f9695937788b3b10a)
• Add note on using the ESM variant in the browser (e09eb9afb14170069aaea19631b763307ee7b480)
• Update types (58333a1533dd53838e2697628f84b98d54a5c079)
• Merge lint and test workflows (2e3b17659e8856696acfe3015631ce2989eb3084)
• Fix tests (ec02e8a0ada7a8f6c71a91df164db8c25bbbb7b4)
• Update legacy fallback to handle crypto dependency (9db275fa10b1b40da4a6844480d7f8ae8df27fb8)
• Update lint workflow title (ac70ac57c2f99ad5639eddf54578e5fdd07b9c4c)
• Adapt crypto module usage for ESM environments (574d690d4972bcebbd5ca07880a62abab9ae3c0b)
• Format with prettier (e7465479282d8155852ce88d6407eccb14adc106)
• Rename default branch to 'main' (548559d032d7dd5ac3e4e16d7afd87b36ebe96ca)
• Update description to mention TypeScript support (4977df0849eaf8cad5b0d0b543fe452432a2d761)
• Add stale action for issues and PRs (a84d4e45487df0972d8781feafa477d5db4c1dbd)
• Fix typo (c8c9c01799bbc13092fcbb20cfab4d9015d14c61)
• Fix Node.js version in CI (1b54cc48d4120b50e1d9058e5a67f326102fd744)

Backlog from v2

• Added externs to .npmignore (#124) (7e2e93af99df2952253f9cf32db29aefa8f272f7) The npm package does not need externs as it is needed only for closure compiler. Added it in .npmignore since bcryptjs overrides global module and process in WebStorm IDE.
• Make sure the bin script uses LF (684fac6814a81d974c805a15e22fd69922c7ca6e)
• Post-merge; Clean up a bit (b09f7f266a7015456b7b36deeb026dc636f64542)

... (truncated)

Commits

• 1211e9a fix: Always yield to event loop before nextTick for async versions (#164)
• 28e5103 fix: Use upstream fix to emit interop helpers
• e7055ca fix: Separate ESM and UMD type definitions
• 2a9bea9 Update publish workflow
• d5656b3 Add helper to check for password input length
• e09eb9a Add note on using the ESM variant in the browser
• 58333a1 Update types
• 2e3b176 Merge lint and test workflows
• ec02e8a Fix tests
• 9db275f Update legacy fallback to handle crypto dependency
• Additional commits viewable in compare view

Updates body-parser from 1.20.3 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

• docs: update README links by @​efekrskl in expressjs/body-parser#673
• docs: release notes for the v1.20.4 release by @​Phillip9587 in expressjs/body-parser#674
• docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @​Phillip9587 in expressjs/body-parser#679
• docs: use standard jsdoc tags everywhere by @​Phillip9587 in expressjs/body-parser#677
• deps: qs@^6.14.1 by @​UlisesGascon in expressjs/body-parser#689
• refactor(json): simplify strict mode error string construction by @​jonchurch in expressjs/body-parser#693
• Release: 2.2.2 by @​UlisesGascon in expressjs/body-parser#691

New Contributors

• @​efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

• Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

• ci: add dependabot by @​Phillip9587 in expressjs/body-parser#593
• ci: use full SHAs for github action versions by @​Phillip9587 in expressjs/body-parser#594
• deps: type-is@^2.0.1 by @​Phillip9587 in expressjs/body-parser#599
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @​dependabot[bot] in expressjs/body-parser#609
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @​dependabot[bot] in expressjs/body-parser#610
• build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @​dependabot[bot] in expressjs/body-parser#611
• build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @​dependabot[bot] in expressjs/body-parser#613
• build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @​dependabot[bot] in expressjs/body-parser#612
• ci: add codeql github workflows scanning by @​Phillip9587 in expressjs/body-parser#614
• ci: update CodeQL config to ignore the test directory by @​Phillip9587 in expressjs/body-parser#615
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in expressjs/body-parser#620
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @​dependabot[bot] in expressjs/body-parser#619
• chore(deps): unpin devDependencies by @​Phillip9587 in expressjs/body-parser#616
• ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/body-parser#621
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @​dependabot[bot] in expressjs/body-parser#623
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in expressjs/body-parser#624
• chore: add funding to package.json by @​Phillip9587 in expressjs/body-parser#617
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in expressjs/body-parser#625
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in expressjs/body-parser#630
• refactor: move common request validation to read function by @​Phillip9587 in expressjs/body-parser#600
• deps: bump iconv-lite by @​bjohansebas in expressjs/body-parser#631
• doc: pull beta changelog forward into 2.0.0 by @​jonchurch in expressjs/body-parser#629
• refactor: optimize raw and text parsers with shared passthrough function by @​Phillip9587 in expressjs/body-parser#634
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in expressjs/body-parser#640
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in expressjs/body-parser#639
• build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @​dependabot[bot] in expressjs/body-parser#636
• build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @​dependabot[bot] in expressjs/body-parser#637
• build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @​dependabot[bot] in expressjs/body-parser#638
• deps: raw-body@^3.0.1 by @​Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

• deps: qs@^6.14.1
• refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

• Security fix for GHSA-wqch-xfxh-vrr4
• deps:
  • type-is@^2.0.1
  • iconv-lite@^0.7.0
    • Handle split surrogate pairs when encoding UTF-8
    • Avoid false positives in encodingExists by using prototype-less objects
  • raw-body@^3.0.1
  • debug@^4.4.3

2.2.0 / 2025-03-27

• refactor: normalize common options for all parsers
• deps:
  • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

• deps:
  • type-is@^2.0.0
  • debug@^4.4.0
  • Removed destroy
• refactor: prefix built-in node module imports
• use the node require cache instead of custom caching

2.0.2 / 2024-10-31

• remove unpipe package and use native unpipe() method

2.0.1 / 2024-09-10

• Restore expected behavior extended to false

2.0.0 / 2024-09-10

Breaking Changes

• Node.js 18 is the minimum supported version

... (truncated)

Commits

• 3d24866 2.2.2 (#691)
• 8474a98 refactor(json): simplify strict mode error string construction (#693)
• 03f17c2 deps: qs@^6.14.1 (#689)
• ea1f25e docs: use standard jsdoc tags everywhere (#677)
• d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
• b6f52aa docs: release notes for the v1.20.4 release (#674)
• 2965ca4 docs: update links (#673)
• d96b63d 2.2.1 (#659)
• b204886 sec: security patch for CVE-2025-13466
• e20e351 feat: remove history.md from being packaged on publish (#660)
• Additional commits viewable in compare view

Updates csv-parser from 3.0.0 to 3.2.0

Commits<...

Description has been truncated